JP5993285B2 - User authentication device and user authentication program - Google Patents

Description

The present invention relates to a user authentication apparatus and program, and in particular, functions as a user authentication apparatus and a user authentication apparatus for authenticating whether or not an operator who operates a client terminal is a pre-registered user. The present invention relates to a user authentication program.

In a website that provides a predetermined service online to a pre-registered user, the operator of the terminal that has accessed the website via the network inputs the user ID and password, and the entered user ID and password Generally, a user authentication method is adopted in which it is confirmed whether or not the operator of the accessing terminal is a pre-registered user based on whether or not the combination is registered in a database.

  However, since the above user authentication method does not depend on the individuality of the terminal operated by the user, if the user ID and the password are leaked to others, the user ID There is a disadvantage that a person who knows the password can impersonate a legitimate user and gain unauthorized access.

In this regard, Non-Patent Document 1 discloses a predetermined password generation algorithm for the time and device identification information generated by an internal clock for a user who has signed a contract with an authentication company that operates an authentication server. Stand-alone hardware (hardware token) that generates a password (one-time password) by performing conversion in accordance with the user ID and authenticating the device identification information in association with the user ID (user ID) When the one-time password and user ID generated by the latest hardware token are transmitted from the terminal to the authentication server, the device identification stored by the authentication server in association with the received user ID To convert information and current time according to the above password generation algorithm If the one-time password is reproduced, and the one-time password matches the one-time password received from the terminal, the operator of the terminal authenticates that the user is the above-mentioned user, and the other contractor designated by the user A technique for certifying such as is described.

  On the other hand, as a one-time password generation method, a challenge / response method is known in addition to the above-described method (time synchronization method). In this challenge / response method, the authentication server transmits a one-time password generation parameter called a challenge to the terminal for each login, and the terminal inputs a received challenge and inputs a one-time password called a response. The authentication server is a technique for calculating a response to be transmitted by the user based on the challenge and performing an authentication process by checking the response received from the terminal.

  According to the authentication method of the time synchronization method described in Non-Patent Document 1 described above, since there are only two parameters (device identification information and current time) as the basis for generating a one-time password, security strength (hardware) The problem of relatively low token forgery has been recognized.

  Therefore, Non-Patent Document 2 combines a time synchronization method and a challenge response method, and a salt value (a parameter for generating authentication information in addition to device identification information and current time as a one-time password generation algorithm, , Which is mainly filled with random numbers), a keyboard for salt value input is added to the hardware token, and the authentication server generates a salt value for each user and requests from the user In response to this, the salt value is transmitted from the authentication server to the terminal, stored in the authentication server in association with the user ID and device identification information of the user, and then stored when the one-time password is transmitted from the terminal. A one-time password is generated based on the salt value, device identification information, and current time. Technology word performs authentication processing based on whether the match is disclosed.

"How to choose the right authentication method handbook", [online], August 2012, RSA Security Inc., [October 26, 2012 search], Internet <URL: http://japan.rsa.com/japan /pdf/products/SID/AuthHandBook.pdf> “Tele-IDv.6.2 FIPS 140-2 Non-Proprietary Security Policy”, [online], 2007, Encotone Ltd., [October 26, 2012 search], Internet <URL: http: // csrc. nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp417.pdf>

According to the technique described in Patent Document 2, since the salt value is transmitted from the authentication server to the terminal through the network, it is easy to be intercepted by a malicious third party (intermediate attacker). There is a problem that the difficulty of counterfeiting hardware tokens has not improved much from the time synchronization method described in Patent Document 1.

The present invention has been made in consideration of the above facts, and the problem is that the salt value can be generated at the terminal to avoid the risk of the salt value being intercepted by an intermediate attacker on the network. First, a user authentication apparatus and a user authentication program that can generate the same salt value in the authentication server are obtained.

  When a server as a means for solving the above-mentioned problem authenticates that an operator who operates a terminal accessed through a network is a pre-registered user, the server is connected to the processing device of the terminal. The salt value required for generating authentication information used for user authentication by performing conversion according to a predetermined algorithm on the unique variable information of the terminal to be written in the header of the message sent from A salt value generation program for generating a message is stored in a storage device, and the salt value generation program is transmitted to the terminal in response to a request by a message from the terminal, and a message from the terminal is transmitted according to the salt value generation program. By performing conversion according to the predetermined algorithm on the unique variable information of the terminal written in the header of Te generates a salt value, and generates the authentication information by performing a predetermined function based on the generated salt value.

Here, the salt value generation program may be a program that causes the processing device to generate the salt value as described above, or may be another program, for example, an add-in program of a browser program. Alternatively, it may be a script or an applet that is read and executed by a processing device operating according to a browser program or a virtual machine program. Only one salt value generation program may be prepared, or a plurality of patterns may be prepared. In that case, a parameter selected from a plurality of patterns of parameters prepared in advance may be embedded in a template of one program, and the program may be completed and transmitted to the terminal. The latter is also referred to as a “multiple pattern salt generation program” in this specification. In this way, when transmitting a specific salt generation program selected from a plurality of patterns of salt generation programs to the terminal, which salt generation program is transmitted in association with the identification information of the terminal that transmitted the request message. Information that can be identified afterwards must be stored in the storage device. For example, a fixed IP address may be used as the terminal identification information, but it may be the user ID of the operator who operates the terminal.
The unique variable information of the terminal needs to be information with a low probability of being changed in a short time such that authentication is performed based on the present invention. As this unique variable information, for example, when a message is a message according to a hypertext transfer protocol, user agent information according to the protocol, in particular, operating system and browser program type information installed in the terminal, and Version information can be used. In this case, the same unique variable information is included in the message requesting the salt value generation program and the message transmitted to transmit the authentication information thereafter. Therefore, in that case, the server may generate a salt value based on the unique variable information included in the former message, further generate authentication information, and store it in the storage device. A salt value may be generated based on the included unique variable information to further generate authentication information, and the generated authentication information may be immediately compared with the authentication information included in the message without storing the generated authentication information in the storage device. .

According to the present invention, the salt value can be generated in the terminal, and the same salt value as that generated in the terminal is also generated in the authentication server, so that the salt value is intercepted by an intermediate attacker on the network. You can avoid danger. Therefore, if the present invention is applied to a conventional one-time password generation method and authentication method, a one-time password can be generated using a salt value with a low risk of eavesdropping, so that the strength of security is strengthened.

A block diagram showing a schematic configuration of a computer system according to the present embodiment Table showing the data structure of the customer master file that makes up the user database Table showing the data structure of the transmission information file that makes up the user database Figure showing the one-time password entry screen Diagram showing the surface of a hardware token The flowchart which shows the content of the process which CPU of a bank system performs according to a user authentication server program The flowchart which shows the content of the process which CPU of a bank system performs according to a user authentication server program The flowchart which shows the content of the processing which CPU of a client terminal performs according to the browser program which read the script The flowchart which shows the contents of the processing which CPU of the client terminal executes according to the browser program which loads HTML

Hereinafter, an example of an embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 shows an online transaction system 10 according to the present embodiment. The online transaction system 10 includes a bank system 12 as a user authentication device installed in a specific financial institution. However, the present invention is not limited to the bank system, and in any network system, whether or not the operator of the client terminal who accesses the server and requests a certain service matches the person registered as a regular user in advance. Used when authenticating. Such a service includes a service for proving that the operator of the client terminal is a pre-registered user with respect to another business operator.

  Describing this embodiment, the specific financial institution is a service that enables a user who has opened an account with the specific financial institution to conduct online financial transactions. An online financial transaction acceptance service that accepts online financial transaction execution instructions is provided. In a financial transaction using this online financial transaction reception service, a user browses a web page of an online financial transaction website via a client PC (Personal Computer) 18 and inputs necessary information on the web page. Thus, information for instructing execution of the financial transaction desired by the user (financial transaction instruction information) is transmitted from the client PC 18 to the bank system 12. Then, the financial transaction instruction information is transferred from the bank system 12 to the account system 28 connected to the intranet 26, so that the financial transaction instructed by the user based on the financial transaction instruction information is performed in the account system 28, etc. To be executed by.

The bank system 12 includes a CPU 12A, a memory 12B, a hard disk drive (HDD) 12C, and a network interface (I / F) unit 12D that are connected to each other through a bus B.

The network I / F unit 12D is directly connected to a public computer network (Internet) 16 in which a large number of web servers are connected to each other via a communication line, and further installed in a specific financial institution. An intranet (LAN) 26 is also connected. A billing system 28 is connected to the intranet 26.

Since a large number of client PCs 18 are connected to the Internet 16, the network I / F unit 12 </ b> D can be connected to each client PC 18 via the Internet 16.

  The memory 12B is a main storage device including a RAM (Random Access Memory), and a work area by the CPU 12B is expanded.

  The CPU 12A is a computer that controls the entire hardware constituting the bank system 12 by executing the program read out on the memory 12B, and includes response means, salt value reproduction means, part of transmission information management means, authentication It corresponds to information generation means and determination means.

  The HDD 12C is a storage device that incorporates a computer-readable storage medium that stores various data and programs. The programs stored in the HDD 12C include an operating system (OS) that is read and executed on the memory 12B by the CPU 12A, a user authentication server program 13, a one-time password generation function 17, and a plurality of patterns of salt value generation. Script (JavaScript (registered trademark)) 14 is included. However, since the operating system is generally commercially available, the description thereof is omitted. The contents of the user authentication server program 13 will be described later with reference to the flowcharts of FIGS. Each salt value generation script 14 converts a plurality of parameters (OS type identification information, OS version, browser type identification information, browser version) according to a predetermined algorithm to generate a function for generating a unique numerical sequence (salt value). It is a kind of defined program (salt value generation program). In the HDD 12C, a plurality of patterns of salt value generation scripts 14 having different algorithms are prepared in advance. These salt value generation scripts 14 may be associated with a time zone, or may be associated with each other so as to be uniquely specified by a function having a time and a user ID described later as input values. The one-time password generation function 17 is a program implemented in, for example, a hardware token (authentication information generation apparatus) as described in Non-Patent Document 2, and includes a salt value, a current time, and a hardware token number (authentication). A program that defines a function that generates a unique number sequence (one-time password [corresponding to authentication information used for user authentication]) by converting three types of parameters consisting of individual identification information of the information generation device according to a predetermined algorithm It is.

  Various data stored in the HDD 12C includes a user database 15. The user database 15 is a database that manages information regarding all users who have entered into account opening contracts with the specific financial institution. Since the user database 16 is composed of a plurality of data files, an example thereof is shown in FIGS.

  FIG. 2 is a data file (customer master file) for pre-registering fixed information about individual users who are authentication subjects, and a user ID (contract number) uniquely assigned to each individual user. , Hardware token individual identification information (hardware token number) and its expiration date, the user's name, date of birth and address, and password arbitrarily set by the user (fixed password) Is registered.

  FIG. 3 shows data as a transmission information management means for temporarily recording information for managing an authentication request every time a user registered as an authentication target in the customer master file makes an authentication request. File (transmission information file [corresponding to a part of transmission information management means]), an entry is added for each authentication request, and the added entry includes the user ID of the user who made the authentication request, the customer master The hardware token number registered in association with the user ID in the file (FIG. 2), the pattern number of the salt value generation script 14 transmitted to the user in response to the authentication request, and the time of transmission , And a counter value (failure counter) for recording the number of authentication failures.

  Returning to FIG. 1, the client PC 18 as a terminal includes a CPU 19, a memory 20, a keyboard 21, a communication module 22, a display 23, and a hard disk (HDD) 24 that are connected to each other via a bus B so as to exchange data. . That is, the client PC 18 is a general-purpose computer having a general hardware configuration. The client PC 18 may be a computer having an Internet connection function, and thus may have a so-called tablet computer hardware configuration or a so-called smartphone hardware configuration.

The CPU 19 is a processing device that controls the entire client PC 18 by reading and executing a program.

  The communication module 22 is a communication device that terminates various network protocols that can be used by the user using the client PC 18 and communicates with a base station of the network in a data format according to the protocol. .

  The display 23 is a display device on which visible information such as various images, screens, and messages is displayed by the CPU 19.

  The keyboard 21 is an input device that inputs a character string to the CPU when operated by a user.

  The hard disk 24 is an external storage device that stores various programs and various data. Various programs stored in the hard disk 24 include an operating system (OS) and a browser program, which are basic programs for controlling the basic operation of the client PC 18. However, since these operating systems and browser programs are generally distributed, description thereof will be omitted.

  The memory 20 is a main storage device in which a work area of the CPU 19 is expanded. The memory 20 also temporarily stores programs and data downloaded via the network. For example, the salt value generation script 14 and the one-time password generation function 17 received from the bank system 12 via the Internet 16 are also temporarily stored in the memory 20 and read out and executed by the CPU 19.

  The hardware token 1 is a dedicated computer specialized for executing the above-described one-time password generation function 17. For example, a conventionally known one described in Non-Patent Document 2 can be used. Here, the structure of the hardware token 1 will be schematically described. As shown in FIG. 1, the CPU 2, the memory 3, the keyboard 5, the display 6, and the clock 7 are connected to each other through B so as to exchange data. Is made up of.

  The memory 3 stores a hardware token number 8 that is uniquely and fixedly given to the hardware token 1 in advance and the one-time password generation function 17 that is exactly the same as that stored in the hard disk 12C of the bank system 12. ROM (Read Only Memory).

  As shown in the plan view of FIG. 5, the keyboard 5 is composed of a plurality of character buttons 5a and input buttons 5b for inputting numbers 0 to 9 and some symbols.

  The clock 7 always generates information (time information) indicating the current time and inputs it to the CPU 2.

  The CPU 2 executes the one-time password generation function 17 read from the memory 3 with respect to the character string (salt value) input by the keyboard 5 and the hardware token number 8 read from the memory 3, thereby executing the one-time password. Is generated. Instead of the CPU 2, a logic circuit that performs the same function may be used.

  As shown in FIG. 5, the display 6 is a liquid crystal panel capable of displaying a character string corresponding to the number of digits of the one-time password, and displays the one-time password generated by the CPU 2.

  The contents of the processing executed by the CPU 12A according to the user authentication server program 13 in the bank system 12 will be described below together with the contents of the processing executed by the CPU 19 according to the browser program in the client PC 18 with reference to the flowcharts of FIGS. To do. In the following section names, for convenience, the CPU 12A that operates according to the user authentication server program 13 is referred to as a “user authentication server 13”.

  The process of FIG. 6 is a request message transmitted from the client PC 18 when the operator of the client PC 18 accessing the site provided by the bank system 12 has selected to execute an important transaction on the site. Is received by the bank system 12.

  Then, in the first S001 after the start, the user authentication server 13 acquires the user ID on the assumption that the operator of the request message transmission source client PC 18 is a user registered in the user database 15. Specifically, when the user ID is included in the request message (the user ID input field is displayed in the HTML data transmitted to the client PC 18 immediately before and written in the user ID input field in the request message) If the setting tag for including the character string as a user ID is included), the user ID is extracted from the request message. When a user ID is received from the client PC 18 during a session with the client PC 18, the temporarily stored user ID is read. In other cases, the client PC 18 is sent an HTML including a tag set to display the user ID input field and respond to the message with the character string written in the user ID input field as the user ID. In response to this, the user ID transmitted by the client PC 18 may be acquired.

  In the next S002, the user authentication server 13 reads the hardware token number associated with the user ID acquired in S001 from the customer master file (FIG. 2) in the user database 15.

  In next S003, the user authentication server 13 determines a pattern number of the salt value generation script 14 to be transmitted to the request message transmission source client PC 18. In this case, as described above, when the salt value generation script 14 is associated with the time zone, the pattern number of the salt value generation script 14 associated with the time zone including the current time is determined. To do. On the other hand, when the salt value generation script 14 is associated so as to be uniquely specified by a function having a time and a user ID, which will be described later, as input values, it is acquired at the current time and S001. By applying the user ID to the function, the pattern number of the salt value generation script 14 associated with the output of the function is determined.

  In next S004, the user authentication server 13 transmits the user ID acquired in S001, the hardware token number read in S002, the current time, and the pattern number of the salt value generation script 14 determined in S004 to the client. Information is recorded in a transmission information file in the user database 15 (corresponding to transmission information management means). Since the pattern number of the salt value generation script 14 can be reproduced at any time based on the current time and / or user ID, there is no problem even if it is not recorded in the transmission information file. Therefore, the current time or pattern number corresponds to information for identifying the salt value generation program, and the user ID is registered as information to identify the terminal, operator identification information, and a person to be authenticated in advance. This corresponds to the identification information of the user.

  In next S005, the user authentication server 13 dynamically generates a message (HTTP response message) for displaying the one-time password input screen shown in FIG. 4 by the browser, and transmits it to the request message transmission source client PC 18. To do. In the HTML data included in the electronic message, a salt value generation script 14 corresponding to the pattern number determined in S003 is incorporated, and a salt value that is an execution result of the salt value generation script 14 is stored. A script field 31, a user ID input field 32, a fixed password input field 33, a one-time password input field 34, and a send button 35 are displayed on the one-time password input screen, and characters are displayed in the fields 32-34. When the send button 35 is operated (clicked) while a column is input, the character string input in each column 32 to 34 is transmitted to the bank system 12 as a user ID, a fixed password, and a one-time password, respectively. A tag is incorporated. Therefore, the user authentication server 13 (CPU 12A) that executes the process of S005 corresponds to a response unit.

  In next S006, the user authentication server 13 waits for the request message transmission source client PC 18 to transmit a message (HTTP request message including a user ID, a fixed password, and a one-time password) according to the message.

  Here, the processing executed by the CPU 19 of the client PC 18 that has received the message (HTTP response message) transmitted in S005 according to the HTML data and browser program included in the message will be described with reference to FIGS. . FIG. 8 shows processing executed in accordance with the browser program that has read the salt value generation script 14 incorporated in the HTML data, and FIG. 9 shows that processing is executed in accordance with the browser program that has read the other parts of the HTML data. Shows the processing. These two processes are executed substantially in parallel. Hereinafter, the CPU 19 operating according to the browser program is referred to as “CPU 19”.

  First, the CPU 19 reads the received HTML data in S201 of FIG. 9, and displays the one-time password input screen shown in FIG. 4 on the display 23 according to the description.

  In parallel with this, the CPU 19 installs the type identification information and version of the operating system (OS) installed in the hard disk 24 of the client PC 18 and is currently executed by the CPU 19 in S101 of FIG. The version is acquired using the OS provided function. The type identification information and version of the operating system (OS) and the type identification information and version of the browser program are stored in the HTTP (Hypertext) when the HTTP request message is transmitted from the client PC 18 to any web server according to the browser program. Since the user agent information to be written in the header (HTTP header) of the HTTP request message is configured in accordance with the rules of the (text transfer protocol), it corresponds to the unique variable information of the terminal.

  In the next S102, the CPU 19 converts the operating system (OS) type identification information and version acquired in S101 and the browser type identification information and version according to the algorithm described in the salt value generation script 14 as input values. To calculate one salt value.

  In the next S103, the CPU 19 displays the salt value calculated in S102 in the script area 31 in the one-time password input screen displayed in S201. The user who sees the salt value inputs the salt value using the character button 5a in the keyboard 5 of the hardware token 1, and then presses the input button 5b. Then, the JCPU 2 of the hardware token 1 uses the salt value, the hardware token number 8 read from the memory 3 and the current time information input from the clock 7 as input values, and the one-time password generation function read from the memory 3. Is applied to calculate a one-time password and display it on the display 6.

  On the other hand, in S <b> 202 following S <b> 201, the CPU 19 inputs the user ID of the user in the user ID input field 32 on the one-time password input screen and the user in the fixed password field 33 in S <b> 202. The user enters the stored fixed password of the user and inputs the one-time password displayed on the display 6 of the hardware token 1 in the one-time password field 32, and then operates (clicks) the send button 35. ) Wait to do.

  When the send button 35 is operated, the CPU 19 in S203, the character string input in the user ID input field 32 on the one-time password input screen, the character string input in the fixed password field 33, and the one A message (HTTP request message) in which the character string input in the time password field 32 is stored as a user ID, a fixed password, and a one-time password is transmitted to the bank system 12. In the header (HTTP header) of this message (HTTP request message), as described above, the user agent information including the type identification information and version of the operating system (OS) of the message transmission source terminal and the type identification information and version of the browser Is inevitably written. When S203 is completed, the CPU 19 waits for a response from the bank system 12 in S204.

  Returning to FIG. 6, when the message (HTTP request message) transmitted from the client PC 18 is received, the user authentication server 13 advances the process from S006 to S007, and the header (HTTP request message) of the message (HTTP request message) received from the client PC 18. The type identification information and version of the operating system (OS) and the type identification information and version of the browser are acquired from the user agent information included in the header.

  In next S008, the user authentication server 13 reads out the pattern number associated with the user ID included in the message (HTTP request message) received in S006 from the transmission information file in the user database 15, and the pattern number. Is read from the hard disk 12C.

  In next S009, the user authentication server 13 uses the operating system (OS) type identification information and version acquired in S007, the browser type identification information and version as input values, and the salt value generation script read out in S008. 14 is applied to calculate a salt value (corresponding to a salt value reproducing means). At this time, the salt value generation script 14 matches the one transmitted to the client terminal 18, the type identification information and version of the operating system (OS), the type identification information of the browser, and the version client terminal 18. Since it is guaranteed that it matches that of the operating system and browser program installed on the computer, it is logical that the salt value matches that calculated in the client PC 18. .

  In the next step S010, the user authentication server 13 uses the hardware token number and time associated with the user ID included in the message (HTTP request message) received in step S006, as the transmission information file in the user database 15. Read from.

  In next S011, the user authentication server 13 applies the one-time password generation function 17 read from the hard disk 12C using the hardware token number and time read in S010 and the salt value calculated in S009 as input values. Then, a one-time password is generated (corresponding to authentication information generating means).

In next S012, the user authentication server 13 uses the combination of the one-time password and the fixed password included in the message (HTTP request message) received in S006 as the user ID included in the message (HTTP request message). It is determined whether or not it matches the combination of the fixed password stored in the customer information file of the user database 15 and the one-time password generated in S011 (corresponding to determination means). If they do not match, the process proceeds to S016, and if they match, the process proceeds to S013.
In S016, the user authentication server 13 sets one “failure counter” value (initial value is 0) of the entry in the transmission information file including the user ID included in the message (HTTP request message) received in S006. Increment. In the next S017, the user authentication server 13 checks whether or not the value of the “failure counter” after the increment has reached an upper limit (for example, 3). If the value of the “failure counter” has not yet reached the upper limit, in step S020, the user authentication server 13 returns a retry instruction message to the client PC 18 that has transmitted the request message, and ends the process. On the other hand, if the value of the “failure counter” has reached the upper limit, the user authentication server 13 causes the warning message (the suspicion that the man-in-the-middle attack has been performed because the number of failures has reached the upper limit in S018). Therefore, if you wish to stop the subsequent transaction through the network, and if you want to resume the transaction through the network, bring your ID card, passbook, hardware token, etc. After the response to the request message transmission source client PC 18, the ID invalidation process is performed in S019, and the process ends. The ID invalidation process is a process for stopping a transaction via the network using the user ID included in the message (HTTP request message) received in S006. For example, the ID invalidation process corresponds to the user ID. This is a process of deleting the hardware token number attached and registered in the customer master file and deleting the entry including the user ID from the transmission information file.

  In S013, which is executed when it is determined in S012 that they match, the user authentication server 13 responds to the client PC 18 that sent the request message that the authentication was successful. In the next S014, the user authentication server 13 deletes the entry including the user ID included in the message (HTTP request message) received in S006 from the transmission information file. In the next S015, the user authentication server 13 follows the request from the client PC 18 on the assumption that the operator of the client PC 18 that has transmitted the request message is a regular user registered in the user database 15. Perform critical transaction processing.

  Returning to FIG. 9, if the response (HTTP response message) from the bank system 12 is a retry instruction, the CPU 19 of the client PC 18 ends the processing after displaying the retry instruction on the display 23 in S206. If the response from the bank system 12 is a warning, the CPU 19 displays the content of the warning on the display 23 and then ends the process. On the other hand, if the response from the bank system 12 is successful, the process is continued in S205. In this case, since the operator of the client PC 18 has been authenticated as a legitimate user registered in the user database 15 of the bank system 12, it makes an important transaction processing request to the bank system 12. Is possible.

  According to the online transaction system 10 according to the present embodiment configured as described above, the salt value is generated by the user authentication server 13 in the bank system 12 and at the same time in the client PC 18 based on the same algorithm and the same input value. It is not necessary to expose the salt value on the network. Therefore, there is no risk that the salt value is intercepted (leaked) by an intermediate attacker, so that the security strength is improved.

  In addition, the salt value is calculated from the specific salt value generation script 14 selected from the plurality of patterns and the user agent information, and the distribution directions of the two are opposite (the salt value generation script 14 is obtained from the bank system 12). Since the user agent information is transmitted from the client PC 18 to the bank system 12 while being transmitted to the client PC 18, the intermediate attacker knows that a salt value is generated from both. However, the probability that both pieces of information can be intercepted together is extremely low.

  In the event that the user ID, fixed password, and one-time password in the message (HTTP request message) that the client PC has finally sent to the bank system (S203) are intercepted (leaked) by an intermediate attacker, the intermediate There is a possibility that an attacker assembles a message (HTTP request message) containing these information in the terminal of his own use and impersonates a legitimate user and sends the message (HTTP request message) to the bank system. In the header (HTTP header) of the message (HTTP request message) assembled by the intermediate attacker, the user agent information of the terminal used by the intermediate attacker (operating system (OS) type identification information and version, browser type) Identification information and barge Since emission) will be included in the inevitable, the user authentication server 13 of the banking system 12 will the authentication failure response (S015). Therefore, even in this case, high security strength can be maintained.

1 hardware token 10 online transaction system 12 bank system 12A CPU
12C HDD
13 User Authentication Server Program 14 Salt Value Generation Script 15 User Database 16 Internet 17 One-Time Password Generation Function 18 Client PC
19 CPU
20 Memory 21 Keyboard 22 Communication Module 23 Display 24 Hard Disk

Claims (6)

A user authentication device that authenticates that an operator operating a terminal accessed through a network is a pre-registered user,
Authentication information used for user authentication by causing the processing device of the terminal to perform conversion according to a predetermined algorithm on the unique variable information of the terminal to be written in the header of a message transmitted from the terminal A storage device storing a salt value generation program for generating a salt value required for generation based on a predetermined function of
In response to a request from a terminal by a message, response means for transmitting the salt value generation program to the terminal;
According to the salt value generation program, a salt value is generated by performing conversion according to the predetermined algorithm on the unique variable information of the terminal written in the header of the message from the terminal, and the generated salt value An authentication information generating means for generating authentication information by executing the predetermined function based on the user authentication device. When an electronic message storing the authentication information is received from the terminal, the operator of the terminal authenticates in advance if the authentication information stored in the electronic message matches the authentication information generated by the authentication information generating unit. The user authentication device according to claim 1, further comprising determination means for determining that the user is registered as a target person. The storage device stores the salt value generation program of a plurality of patterns with different algorithms.
The information for identifying the salt value generating program said responding means sends to said terminal, and records in association with the information for identifying the terminal, and the transmission information management means,
Information for identifying the terminal that transmitted the electronic message is acquired, information for identifying the salt value generation program recorded by the transmission information management unit in association with the information is read, and is identified by the information. And a salt value reproduction means for generating a salt value by performing conversion according to the predetermined algorithm on the unique variable information of the terminal written in the header of the message according to the salt value generation program. The user authentication device according to claim 1. The information for identifying the terminal is user identification information registered in advance as a person to be authenticated,
The function is the same as the function executed by the authentication information generation device to generate the authentication information based on the solid identification information of the authentication information generation device that generates the authentication information, the current time, and the input salt value. Function,
The transmission information management means further includes the time when the salt value generation program is transmitted to the terminal, the individual identification information of the authentication information generation device issued to the user operating the terminal, and the identification information of the user Recorded in association with
The authentication information generation means includes the generated salt value, the time recorded by the transmission information management means in association with the identification information of the user operating the terminal that transmitted the message, and the authentication information generation. The user authentication apparatus according to claim 3 , wherein the authentication information is generated by executing the function on individual identification information of the apparatus. Further comprising transmission information management means for recording information for identifying the salt value generation program transmitted to the terminal by the response means in association with information for identifying the terminal;
The information for identifying the terminal is user identification information registered in advance as a person to be authenticated,
The function is the same as the function executed by the authentication information generation device to generate the authentication information based on the solid identification information of the authentication information generation device that generates the authentication information, the current time, and the input salt value. Function,
The transmission information management means further includes the time when the salt value generation program is transmitted to the terminal, the individual identification information of the authentication information generation device issued to the user operating the terminal, and the identification information of the user Recorded in association with
The authentication information generation means includes the generated salt value, the time recorded by the transmission information management means in association with the identification information of the user operating the terminal that transmitted the message, and the authentication information generation. The authentication information is generated by executing the function on the individual identification information of the device.
The user authentication device according to claim 1 or 2, wherein Authentication information used for user authentication by causing the processing device of the terminal to perform conversion according to a predetermined algorithm on the unique variable information of the terminal to be written in the header of a message transmitted from the terminal An operator who is connected to a storage device that stores a salt value generation program that generates a salt value required for generation based on a predetermined function of the terminal and that operates a terminal accessed through a network is a registered user. A computer that authenticates
In response to a request from a terminal by a message, a response unit that transmits the salt value generation program to the terminal, and
According to the salt value generation program, a salt value is generated by performing conversion according to the predetermined algorithm on the unique variable information of the terminal written in the header of the message from the terminal, and the generated salt value A user authentication program that functions as authentication information generation means for generating authentication information by executing the predetermined function based on the authentication function.

Images